The vulnerability is caused due to an error in the handling of parent windows and can result in a function call using an invalid pointer. This can be exploited to execute arbitrary code when a user e.g. visits a specially crafted web page and closes opened pop-up windows.

The vulnerability is confirmed in Safari version 4.0.5 for Windows. Other versions may also be affected, the company warned.

---------------------------------------------

After basically pushing a vulnerability-filled Safari onto Windows users, they are failing to notify those users of a very serious security vulnerability... which is out in the public, and which could be used to exploit users of the Safari browser.

Basically, Apple is hanging its own [Windows] users out to dry... again.

It's hard to believe Apple is "serious about [enterprise] security" when they can't even provide basic information to their general user population.

According to US-CERT, the issue can be mitigated by disabling JavaScript in Apple Safari.